CREW AND THERMAL SYSTEMS DIVISION 

NASA - LYNDON B. JOHNSON SPACE CENTER 


Hazard Analysis for Building 34 
Vacuum Glove Box Assembly 


DOCUMENT NUMBER 
CTSD-ADV-805 


DATE 

March 13, 2014 


PREPARED BY: 


Ian Meginnis / EC5 


JL M d Inf ‘4 




REVIEWED BY: 


Kevin Groneman / EC5 


t T-/ 7 ~/ l ~/ 


APPROVED BY: 


Dana Valish / EC5 




APPROVED BY: 


Jessie Zapata / NS 




APPROVED BY: 


Raul Blanco / EC5 




)1 Itf&s 


No. Of Pages: 16 


REVISIONS 

REVISION 

LETTER/DATE 

PREPARER 

APPROVALS 

AUTHORZIED 

BRANCH 

PROGRAM 

A/ 09-22-10 
B/ 03-13-14 

J. Harris 
1. Meginnis 

R. Blanco 
R. Blanco 



JSC Form 1 51 C (Apr 91) 


Crew and Thermal Systems Division 

Hazard Analysis for Building 34 Vacuum Glove Box Assembly 

Space Suit and Crew Survival 
Systems Branch 


B 

CTSD-ADV-805 

Date: March 13, 2014 

Page 2 of 16 


Change Record 
























Crew and Thermal Systems Division 

Hazard Analysis for Building 34 Vacuum Glove Box Assembly 

Space Suit and Crew Survival 
Systems Branch 


B 

CTSD-ADV-805 

Date: March 13, 2014 

Page 3 of 16 


1.0 Introduction 

One of the characteristics of an effective safety program is the recognition and control of hazards 
before mishaps or failures occur. Conducting potentially hazardous tests necessitates a thorough 
hazard analysis in order to prevent injury to personnel, and to prevent damage to facilities and 
equipment. 

The primary purpose of this hazard analysis is to define and address the potential hazards and 
controls associated with the Building 34 Vacuum Glove Box Assembly, and to provide the 
applicable team of personnel with the documented results. It is imperative that each member of 
the team be familiar with the hazards and controls associated with his/her particular tasks, 
assignments and activities while interfacing with facility test systems, equipment and hardware. 

In fulfillment of the stated purposes, the goal of this hazard analysis is to identify all hazards that 
have the potential to harm personnel, damage the facility or its test systems or equipment, test 
articles, Government or personal property, or the environment. This analysis may also assess 
the significance and risk, when applicable, of lost test objectives when substantial monetary value 
is involved. The hazards, causes, controls, verifications, and risk assessment codes have been 
documented on the hazard analysis work sheets in Appendix A of this document. 

The preparation and development of this report is in accordance with JPR 1700.1, “JSC Safety 
and Health Handbook” and JSC 17773 Rev D “Instructions for Preparation of Hazard Analysis for 
JSC Ground Operations”. 

2.0 Purpose 

The purpose of this document is to present the potential hazards involved in operations of the 
Building 34 Vacuum Glove Box Assembly. The hazards listed in this document are specific to 
Glove Box and Glove Assembly operations only; each supporting facility or requestor is 
responsible for task specific Hazard Analysis. A "hazard" is defined as any condition that has the 
potential for harming personnel or equipment. 

3.0 Scope 

As applicable, the scope of this safety assessment considers/reviews the following elements of 
the test/hardware system. 

A) Test System/Facility Hardware - Structural, Mechanical, Electrical, Chemical, Test 
Environment, Static/Dynamic Energies, Materials 

B) Test Personnel training and interaction with hardware, facility and/or test system 

C) Test Procedures, Equipment Operating Instructions, Check Lists, 

Equipment/Component Configurations, Drawings and Schematics 

4.0 References 

Note: All references must be reviewed prior to use to verify/confirm that the document is the 

latest revision. 
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4. 1 Documents 


Document 

Number 

Revision 

Document Title 

CTSD-ADV-804 

B 

Building 34 Glove Box Functional Check-Out 

CTSD-ADV-826 

B 

Building 34 Glove Box Operations 

CTSD-SH-998 

D 

CTSD Chemical Hygiene Plan 

EA-W 1-024 

A 

General Operating Procedures Manual for EA Testing Facilities 

JPR 1700.1 

J 

JSC Safety and Health Handbook 

JPR 1710.13 

E 

Design, Inspection, Certification of Pressure Vessels and 
Pressurized Systems 

JSC 1 7773 

D 

Instructions for Preparing Hazard Analysis for JSC Ground 
Operations 

NFPA 70 


National Electrical Code (NEC) 

STB-E-083 

A 

CTSD Materials Control Procedure and Materials Selection 
Criteria 

SW-E-0002 

E 

Ground Support Equipment General Design Requirement 

STB-F-586 

B 

Building 7 General Emergency Preparedness Plan and 
Evacuation Procedures 

CTSD-INST-004 

A 

Building 34 Emergency Action Plan 

WI-EC-4.1 0-1 

A 

EVA and Spacesuit System Branch Test Operations 

NPR 8715.3 


NASA General Safety Program Requirements 


4.2 Drawings/Schematics 


Drawing Number 

Sheet# 

Revision 

Title 

A27-M00000 

1 

C 

Building 34 Glove Box Mechanical Schematic 

A27-E00000 

1 

C 

Building 34 Glove Box Circuit Wiring Diagram 

SED361 29264 

1,2 

B 

Glove Box Part Drawing 


5.0 Symbols and Abbreviations 


Symbols & 
Abbreviations 

Explanation 

EVA 

Extra Vehicular Activity 

GSE 

Ground Support Equipment 

HA 

Hazard Analysis 

HAWS 

Hazard Analysis Worksheet 

TRR 

Technical Readiness Review 

PSIA 

Pounds per square inch - absolute 

PSID 

Pounds per square inch - delta 

PSIG 

Pounds per square inch - gauge 

PSMO 

Pressure System Managers Office 


6.0 Definitions 

The following definitions are vital to an understanding of the requirements contained in this 
document: 

a. Hazard — An unsafe or unhealthful condition that could lead to a mishap if it is not 
corrected. 
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b. Severity — The subjective estimate of worst credible outcome in terms of potential 
personnel injury, equipment/facility damage, and monetary losses. Consequence 
severity classes are defined as follows. 

Class I - Catastrophic: A condition that may cause death or permanently disabling 
injury, facility destruction on the ground, or loss of crew, major systems, or vehicle during 
the mission; schedule slippage causing launch window to be missed; cost overrun 
greater than 50% of planned cost. 

Class II - Critical: A condition that may cause severe injury or occupational illness, or 
major property damage to facilities, systems, equipment, or flight hardware; schedule 
slippage causing launch date to be missed; cost overrun between 15% and not 
exceeding 50% of planned cost. 

Class III - Moderate: A condition that may cause minor injury or occupational illness, or 
minor property damage to facilities, systems, equipment, or flight hardware; internal 
schedule slip that does not impact launch date; cost overrun between 2% and not 
exceeding 15% of planned cost. 

Class IV - Negligible: A condition that could cause the need for minor first-aid treatment 
but would not adversely affect personal safety or health; damage to facilities, equipment, 
or flight hardware more than normal wear and tear level; internal schedule slip that does 
not impact internal development milestones; cost overrun less than 2% of planned cost. 

c. Probability — The relative likelihood a hazard may occur. The complete likelihood range 
is separated into intervals for additional classification. It is important to note that even 
though quantitative probability intervals are listed in this document they are only for 
numeric comparison and that the actual probability or likelihood is derived by subjective 
estimations of a qualitative nature. The hazard likelihood categories are defined as 
follows. 

Probability A - Likely to occur - (e.g., 1 .0 £ Probability >0.1) 

Probability B - Probably will occur - (e.g., 0.1 > Probability > 0.01) 

Probability C - May occur - (e.g., 0.01 > Probability > 0.001 ) 

Probability D - Unlikely to occur - (e.g., 0.001 > Probability > 0.000001 ) 

Probability E - Improbable - (e.g., 0.000001 > Probability) 

d. Risk Assessment Code (RAC) — The risk assessment code is the numerical value that 
represents the hazard risk associated with a given task, project, test, or equipment and is 
the point of intersection of the consequence severity estimate and the likelihood estimate 
on the RAC matrix. 

e. Risk Assessment Code (RAC) Matrix — A matrix made up of likelihood estimates, 
consequence severity estimates and risk assessment codes. The matrix is used to 
derive the risk assessment code once the consequence and likelihood have been 
determined. 

The RAC matrix is defined as follows: 
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Table 1 - Risk Assessment Code Matrix 


CONSEQUENCE 

CLASS 

LIKELIHOOD ESTIMATE 

A 

B 

C 

D 

E 

I 

1 

1 

2 

3 

4 

II 

1 

2 

3 

4 

5 

III 

2 

3 

4 

5 

6 

IV 

3 

4 

5 

6 

7 


The table below specifies the required action(s) for each RAC. 


Table 2 - RAC Action Table 


RAC 

Action 

1 

Unacceptable - All operations must cease immediately until the hazard is corrected or 
until temporary controls are in place and permanent controls are in work. A safety 
or health professional must stay at the scene at least until temporary controls are in 
place. 

RAC 1 hazards have the highest priority for hazard controls. 

2 

Undesirable - All operations must cease immediately until the hazard is corrected or 
until temporary controls are in place and permanent controls are in work. 

RAC 2 hazards are next in priority after RAC 1 hazards for control. 

Program Manager (Directorate level), Organizational Director, or equivalent 
management is authorized to accept the risk with adequate justification 

3 

Acceptable with controls - Division Chief or equivalent management is authorized to 
accept the risk with adequate justification 

4-7 

Acceptable with controls - Branch Chief or equivalent management is authorized to 
accept the risk with adequate justification 


f. Hazard Disposition — The status of a hazard after controls are in place. Hazard 
Dispositions are utilized in this analysis, documented at the bottom of each hazard analysis 
worksheet, to supplement the risk assessment codes and to further describe the control or 
status of the hazard. The disposition criteria are defined as follows: 

Open/no action — A hazard exists in the system, and no controlling equipment or 
procedures have been implemented to minimize the hazard. 

Closed/controlled — A hazard exists in the system, and appropriate 
mechanical/electrical/procedural actions have been taken to reduce the hazard to a 
minimal level. 

Closed/eliminated — A hazard that is no longer in the system because it has been 
eliminated. 

Closed/accepted — A hazard of RAC 2 or 3 after controls whose risk has been accepted 
by NASA management. 

g. Hazard Summary — A list of the hazard categories/titles with before and after control 
RAC’s. 
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h. Verification — The validation method or process that confirms the hazard control. 
Verifications of the hazard controls are identified via review of test procedures, 
equipment operating instructions and check lists, test system drawings and schematics, 
personnel training records, applicable JSC, EA, Division, and Branch work instructions 
and operating procedures, inspection of test equipment/area and interviews with facility 
engineers, technicians, test directors, and management. 

i. Hazard Analysis Worksheet (HAW) — Tables in the hazard analysis used to document 
specific information regarding each hazard or hazard category, such as hazard 
title/description/consequence, system, sub-system, RAC, hazard causes, controls, 
verifications, remarks, and hazard disposition. There is only one hazard category/title 
per HAW. 


7.0 Hazard Identification Criteria 

As applicable, the following sources were utilized in developing the potential hazards, cause, 
controls and verifications in this Hazard Analysis: 

• System design drawings, schematics, and Configuration Change Orders 

• Detailed Test Procedures, Task Performance Sheets, Checklists, Preventative 
Maintenance Instruction 

• Test system, equipment/hardware, and facility visual inspections 

• Review of lessons learned and accident/mishap/injury reports 

• Discussion with the test team, design engineers, test article experts, and management 
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8.0 Discussion/Description 

8. 1 Test System 

The Building 34 Vacuum Glove Box Assembly, system numbers: A27-M00000 (mechanical) and 
A27-E00000 (electrical), is a transparent pressure vessel. The glove box can structurally 
withstand negative pressures up to 14.7 PSID, but a design MAWP of 9.0 PSID was selected to 
protect ancillary hardware that is used with the glove box. The system is designed to operate with 
one technician. A pressure gauge is mounted on the display panel and shows the differential 
pressure between the glove box and the ambient pressure environment. The end caps of the 
glove box are removable to allow installation/removal of test equipment inside the glove box. Two 
arm ports are located in the middle of the cylinder and include arm bearing blanking plates. The 
glove box is mounted on a height-adjustable stand which positions the arm ports at a subject’s 
shoulder level. A vacuum pump is used for reducing the pressure in the glove box. Class III arms 
with arm bearings and wrist disconnects are used to evaluate space suit gloves and other 
hardware. 

The glove box is shown in Figure 1. 



Figure 1 - Building 34 Vacuum Glove Box System. 


8.2 Test Article 

The glove box can perform a variety of tests that include, but are not limited to, glove fit checks, 
space suit tool evaluations, prototype hardware evaluations, and certification testing. Generic 
tests (glove fit checks, EVA tool evaluations, etc) are covered under the Advanced Suit Lab (ASL) 
annual TRR. A dedicated TRR is required for tests that introduce new hazards to the glove box 
system. 
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9.0 Hazard Summary 

Table 3 summarizes the potential system hazards and risk assessment codes associated with 
this facility equipment, hardware, task, and/or test system. The details of each hazard, such as 
the specific hazard causes, controls and verifications, are documented on the hazard analysis 
work sheets in Appendix A. 


Table 3 - Hazard Summary Table 


Hazard 

Consequence/Likelihood/RAC 

Before Controls 

After Controls 

1 

Structural Failure 

lll/C/4 

lll/D/5 

2 

Contamination 

1 l/A/1 

1 l/C/3 

3 

Electrocution 

l/C/2 

l/D/3 

n 

Smoke/Fire 

lll/C/4 

lll/D/5 

5 

General Personnel Injury 

ll/B/2 

1 l/D/4 

6 

Sharp Edges/Corners 

1 l/C/3 

1 l/D/4 
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Hazard Analysis - Structural Failure 


Nr. 

Hazard 

Cause 

Effect 

RAC 

Before 

Controls 

Controls 

Verification 

RAC 

After 

Controls 

1. 

Structural 

Failure 

Over-depressurization 
of glove box caused 
by malfunctioning 
gage/relief 
valve/regulator 

Test hardware 
damage 

lll/C/4 

Relief valve, as bench tested, set to 
8.9 ± 0.1 PSID, installed internally to 
glove box and vented to ambient. 
Gloves and arm segments used with 
the glove box must have an MAWP of 
at least 9 PSID. 

A27-M00000 

lll/D/5 




Personnel 

injury 


Relief valve is calibrated every 5 
years, per JPR1710.13. 

CTSD-ADV-804, 
Section 1 .0 







Glove box receives Class 1 inspection 
every 2 years, per JPR1710.13. 

CTSD-ADV-804, 
Section 1 .0 







Gage and regulator are evaluated for 
functionality at least 30 days prior to 
performing a test with glove box. 

CTSD-ADV-804 




Over-depressurization 
of the glove box 
caused by faulty sizing 
of relief valve 



PSMO design review has been 
completed on glove box system, per 
JPR1710.13. 

CTSD-ADV-804, 
Section 1 .0 




Faulty design of glove 
box structure 



Glove box assembly design has been 
reviewed and approved by JSC 
structural analysts. 

SED361 29264 




Negligent operation 



Operating procedures are required to 
operate the glove box. 

CTSD-ADV-826 







Only qualified personnel are 
authorized to operate the glove box. 

Technician 
certification letters 
on file with EC5 
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Hazard Analysis - Contamination 


Nr. 

Hazard 

Cause 

Effect 

RAC 

Before 

Controls 

Controls 

Verification 

RAC 

After 

Controls 

2. 

Contamination to 
glove box and/or test 
article 

Foreign particulate 
introduced to glove 
box and/or test articles 

Test hardware 
damage 

1 l/A/l 

Only qualified personnel are 
authorized to operate glove 
box. 

Technician certification 
letters on file with EC5 

1 l/C/3 




Personnel 

injury 


Glove box and test setup are 
inspected prior to use. 

CTSD-ADV-826, 
Section 1 .0 







Functional checkout is 
completed at least 30 days 
prior to glove box testing. 

CTSD-ADV-826, 

Scope 




Foreign particulate 
introduced to vacuum 
pump 

Vacuum pump 
damage 


Filter installed upstream of 
vacuum pump. 

A27-M00000 
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Hazard Analysis - Electrocution 


Nr. 

Hazard 

Cause 

Effect 

RAC 

Before 

Controls 

Controls 

Verification 

RAC 

After 

Controls 

3. 

Electrocution 

Personnel contact with 
exposed wires 

Electrocution 

l/C/2 

Electrical connections and terminals 
are not exposed. 

CTSD-ADV- 
804, Section 1 .0 
and CTSD- 
ADV-826, 
Section 1 .0 

l/D/3 






Glove box assembly and test setup 
are inspected prior to use. 




Short circuit 



Electrical design and build-up has 
been reviewed and approved by EC5 
electrical engineer. 

A27-E00000 




Frayed wires 



Electrical devices' cases are grounded 

A27-E00000 







GFCI protection is incorporated into 
the glove box assembly design. 
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Hazard Analysis - Smoke/Fire 


Hazard 

Cause 

Effect 

RAC 

Before 

Controls 

Controls 

Verification 

RAC 

After 

Controls 

Smoke/Fire 

Ignition or non- 
compatible materials 
present in glove box 

Damage to test 
equipment 

lll/C/4 

Hazardous materials are not used in 
glove box without prior approval by 
TRR chair. 

CTSD-ADV- 
826, Scope 

lll/D/5 


Electrical short circuit 

Personnel 

injury 


Glove box assembly and test setup 
are inspected prior to use. 

CTSD-ADV- 
804, Section 1 .0 
and CTSD- 
ADV-826, 
Section 1 .0 






Electrical design and build-up has 
been reviewed and approved by 
EC5 electrical engineer. 

A27-E00000 



Vacuum pump 
overheating 



Vacuum pump includes automatic 
temperature shutoff 

A27-E00000 
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Hazard Analysis - General Personnel Iniur 



Hazard 


5. General Personnel 
Injury 



Slips, trips, falls, pinch 
points, etc. 


Equipment/Machinery 
causes excessive noise 


Pinch point caused by 
adjusting height of glove 
box 


Glove box tipping over 
during transportation 


Personnel 

injury 


RAC 

Before 

Controls 


ll/B/2 


Hardware 

damage 


Controls 

Verification 

Glove box assembly and test 
setup are inspected prior to 
use. 

CTSD-ADV-804, Section 
1 .0 and CTSD-ADV-826, 
Section 1 .0 

Safety glasses are required 
during operation of glove 
box. 

CTSD-ADV-804, Scope 
and CTSD-ADV-826, 
Scope 

Functional checkout is 
completed at least 30 days 
prior to glove box testing. 

CTSD-ADV-804, Scope 

Only qualified personnel are 
authorized to operate glove 
box. 

Technician certification 
letters on file with EC5. 

Procedures ensure all test 
support personnel are clear 
of glove box prior to adjust of 
glove box. 

CTSD-ADV-804, Section 
3.0 and CTSD-ADV-826, 
Section 2.0 

Only qualified personnel are 
authorized to operate glove 
box. 

Technician certification 
letters on file with EC5. 


RAC 

After 

Controls 


I l/D/4 
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Hazard Analysis - Sharp Edaes/Corners 


Nr. 

Hazard 

Cause 

Effect 

RAC 

Before 

Controls 

Controls 

Verification 

RAC 

After 

Controls 

6. 

Sharp Edges/Corners 

Contact with sharp 
edges or protrusions 

Personnel 

injury 

1 l/C/3 

Glove box, gloves, GSE, and support 
hardware are inspected to verify that 
assemblies are free of sharp edges 
and corners. 

CTSD-ADV- 
826, Section 1 .0 

1 l/D/4 




Hardware 

Damage 


Technicians are trained for sharp 
edge inspections where/as needed. 

Technician 
certification 
letters on file 
with EC5. 































